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CLAIMS 

We claim: 



1 1 . A collaborative file rights management method comprising: 

2 identifying a file input/output (I/O) request to access a file, said file I/O request 

3 originating in an authoring application; 

4 suppressing said file I/O request; 

5 automatically extracting digital rights management data appended to said file; 
6 providing said file to said authoring application; and, 

7 St managing access to said file in said authoring application based upon said 

dm extracted digital rights management data. 

1 H- 2. The method of claim 1 , further comprising: 
2*L? decrypting said file. 

1 3. The method of claim 1 , wherein said extracting step further comprises: 

2 determining environmental data associated with said file I/O request, said 

3 environmental data comprising at least one of a requestor's identity, a requestor's class, 

4 a requestor's computing domain, a requestor's location, a password, a time of day, and 

5 a date; and, 

6 extracting an access policy appended to said file 



P1023371;1 



PATENT 

DOCKET NO.: 7216-1 

1 4. The method of claim 3, wherein said providing step comprises: 

2 comparing said access policy to at least a portion of said environmental data; 

3 authenticating said file I/O request based upon said comparison; and, 

4 providing said file to said authoring application only if said file I/O request has 

5 been authenticated. 

1 5. The method of claim 1 , wherein said suppressing step comprises: 

2 " posting a responsive message to said authoring application; 

3 5 intercepting an operating system event in said authoring application, said 
4111 operating system event indicating receipt of said responsive message; and, 

5 III quashing further processing of said intercepted operating system event 

1 6. The method of claim 1 , wherein said identifying step comprises: 

2|S monitoring kernel-level file I/O requests contained in I/O request packets 

3 processed in a file system manager; and, 

4 detecting said file I/O request to access said file in one of said I/O request 

5 packets. 

1 7. The method of claim 1 , wherein said management step comprises: 

2 intercepting operating system messages in said authoring application; 
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3 detecting among said intercepted operating system messages, operating system 

4 messages directed to authoring application operations which can be limited according 

5 to digital rights specified in said extracted digital rights management data; and, 

6 quashing said detected events where said digital rights management data 

7 prohibits execution of said authoring application operations. 

1 8. The method of claim 7, wherein said authoring application operations comprise 

2 C! operations selected from the group consisting of clipboard operations, printing 
3j0 operations, file saving operations, and file editing operations. 

1 *y 9. A collaborative file rights management method comprising: 

2[I identifying a file input/output (I/O) request to save a file, said request originating 

301 in an authoring application; 

4H* suppressing said request and automatically encrypting said file; 

5 appending an access policy and digital rights management data to said 

6 encrypted file; and, 

7 storing said file in fixed storage. 

1 10. The method of claim 9, wherein said suppressing step comprises: 

2 posting a responsive message to said authoring application; 
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3 intercepting an operating system event in said authoring application, said 

4 operating system event indicating receipt of said responsive message; and, 

5 quashing further processing of said intercepted operating system event. 

1 11. The method of claim 9, wherein said identifying step comprises: 

2 monitoring kernel-level file I/O requests contained in I/O request packets 

3 processed in a file system manager; and, 

4 ^2 detecting said file I/O request to save said file in one of said I/O request packets. 

1 m 1 2. A collaborative file rights management system comprising: 

2 ;f a file security management application configured to intercept operating system 

3 H messages directed to an authoring application; and, 

48} a file security filter driver configured to identify file input/output (I/O) requests 

5^ received in a kernel-layer file system manager to open an encrypted file in said 

6 authoring application; 

7 said file security filter driver quashing said file I/O requests, decrypting said 

8 encrypted file and providing said decrypted file to said authoring application; 

9 said file security management application extracting digital rights management 

10 data appended to said encrypted file, detecting among intercepted operating system 

11 messages, operating system messages directed to authoring application operations 

12 which can be limited according to digital rights specified in said extracted digital rights 
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13 management data, and, quashing said detected events where said digital rights 

14 management data prohibits execution of said authoring application operations. 

1 13. A machine readable storage having stored thereon a computer program for 

2 managing digital rights in a collaborative file, said computer program comprising a 

3 routine set of instructions for causing the machine to perform the steps of: 

4 identifying a file input/output (I/O) request to access a file, said file I/O request 
5*0 originating in an authoring application; 

aim 

6 5 suppressing said file I/O request; 

automatically extracting digital rights management data appended to said file; 
8^7 providing said file to said authoring application; and, 

9jU managing access to said file in said authoring application based upon said 

1031 extracted digital rights management data. 



1 14. The machine readable storage of claim 13, further comprising: 

2 decrypting said file. 

1 15. The machine readable storage of claim 13, wherein said extracting step further 

2 comprises: 

3 determining environmental data associated with said file I/O request, said 

4 environmental data comprising at least one of a requestor's identity, a requestor's class, 
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5 a requestor's computing domain, a requestor's location, a password, a time of day, and 

6 a date; and, 

7 extracting an access policy appended to said file 

1 16. The machine readable storage of claim 1 5, wherein said providing step 

2 comprises: 

3 comparing said access policy to at least a portion of said environmental data; 
4^ authenticating said file I/O request based upon said comparison; and, 

5% providing said file to said authoring application only if said file I/O request has 

6 iff been authenticated. 

1 H= 1 7. The machine readable storage of claim 1 3, wherein said suppressing step 

2*Z comprises: 

3£7 posting a responsive message to said authoring application; 

4 intercepting an operating system event in said authoring application, said 

5 operating system event indicating receipt of said responsive message; and, 

6 quashing further processing of said intercepted operating system event. 

1 18. The machine readable storage of claim 1 3, wherein said identifying step 

2 comprises: 
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3 monitoring kernel-level file I/O requests contained in I/O request packets 

4 processed in a file system manager; and, 

5 detecting said file I/O request to access said file in one of said I/O request 

6 packets. 

1 1 9. The machine readable storage of claim 1 3, wherein said management step 

2 comprises: 

3 J intercepting operating system messages in said authoring application; 

4 Jj detecting among said intercepted operating system messages, operating system 
5m messages directed to authoring application operations which can be limited according 
6fU to digital rights specified in said extracted digital rights management data; and, 

7p ! quashing said detected events where said digital rights management data 

sjlj prohibits execution of said authoring application operations. 



1 20. The machine readable storage of claim 19, wherein said authoring application 

2 operations comprise operations selected from the group consisting of clipboard 

3 operations, printing operations, file saving operations, and file editing operations. 
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